Comments:
I just sync my KeePass file between devices via cloud, that takes care of the convenience part. And my phone undoes its one million times AES in a few seconds, so the argument of client vs. server power seems weird. I don't think it was that different 4 years ago.
Write them down ... is not as bad as it sounds...
It can't be broken, it can't be hacked, if it's outside the view of a webcam, then it's more secure ...
how does spiderman know so much about passwords?
Why the hassle of doing "H(vault_key | password)" for the authentication part? Can't the server just provide the blob for anyone that requests for it, since the assumption is that nobody without the master password can decrypt the blob anyway?
more important: have I been pawned?
terrible terrible video
I'd never store my ssn I don't care how secure they are.
LastPass has just been cracked, with all of the vaults stolen. Please, don't use it, or just any online password manager for that matter. If you use it, change all of your passwords now.
Help! For what master password entropy should I aim, if I use AES256 to encrypt my database? Is 128 bits enough or should I go for a 256 bit master password?
Is it true that a quantum computer can brute force a 256 bit master password with Grover's algorithm with a final strength of 2**256/2 combinations?
Y'all should do a video on the OPAQUE password authentication protocol!
Password managers should be hardware devices emulating a keyboard.
I have some methods. I already do this so it's pretty safe.
Method1: Map all the English alphabets to some unicode characters that you can remember. Basically you invent your own cipher. Then create some app/program in C++, Rust which can convert any English txt file to the unicode mapping txt file. Print it on some card and keep it in your purse.
Same can be written on paper. Only you can understand it.
Method2: Put all your secret stuff in a file. Encrypt it using some program or your own custom program. Keep the program binary in private GitHub repo. Deny all outbound connections in your machine. Keep the encrypted txt file anywhere you like, can be Gmail.
It takes some effort to protect valuable things. Don't go for easy options.
A password manager sits above all browsers that you may have stored different passwords for you.
It also sits above all devices that you may have for example between Operating systems, PC and mobile devices.
has a 2 meter whiteboard.
writes on a small corner of a piece of paper.
I am using DroidPass Password Manager for 2+ years already. I no longer have to memorize lots of different passwords and usernames. Plus the unique passwords make everything so much more secure. Highly recommend!
hello sir my name is rifqi, I come from Indonesia
sir can you help me or give me instructions, how to make a database program, for android mobile games, and I can see directly the database data of the game that is running on my android then I can see the data through my pc computer..
please guide and share knowledge sir..
Can someone tell me why it's okay to send your hashed password over the internet? If the server requires my hashed password to give me the vault key couldn't anyone intercept that hash and copy it and use it also?
Choose a password manager that supports security keys like Yubikey. That way an attacker not only has to guess your master password, they also need your physical key to authenticate.
1Password doesn't even derive the vault key from the password.
So what happens when you have a corrupt authoritarian government who has implemented keyloggers at the OS level, embedded DRM reporting and hardware based device id.
All these Password Managers were far too complex for most of my family who didn't understand many of the features and just wanted something they could use easily. My Password Book for iOS devices was ideal and did not require any third party registration.
what is the best pw manager?
"Not password1, goodness!"
He is so british :'D delightful
❤🧡💛💚💙💜🤎🖤💖💗💓💞💕❣💔💚🤍💘💝💟
Left handed genius!
Just use 123password instead, ez
On 1Password, if my private key is used to decrypt my Vault Key, is it also signed by 1Password’s Public Key?
If your vault become encrypted again if you're still logged in to the vault ?
The only reasons I still taken in use a password manager I don't know how to
I love this man and I love how ambitious he is about IT things
hashing, iterations, primary identifiers, Hmack, encrypted vault, vault key, 250 bit AF key? a dozen confusing words in the first 5 minutes, too many computerspeak words to look up to understand, HELP!
One good strategy for remembering hundreds of different long passwords is to use mnemonics. Even if not perfect in any part it should definitively be one of the strategies mentioned.
But how does the server know that the authentication key is correct? Since it is hashed so many times. Also the authentication key must change on every login if I'm not wrong then how does it verify if it's the correct authentication key? The password manager I'm talking about is Bitwarden.
Almost all password managers available out there are not really password managers, they are Note managers!
People should really start using a real password manager like "Multi One Password" that does not store passwords neither locally in the users computers nor in the cloud!
what if the fields (with the exception of the passwords themselves) in the manager are not fully understandable? For example, instead of saying "Amazon" using a different association such as "JB's junk".
Bitwarden is the best
I have an awesome Mosta Posswuhhhd
PASS : the standard Unix password manager
We need a video on double verification
Please please don't use conventional password managers
if you can code, just make your own
I have to say, I disagree with him about his assumptions regarding the "Business model" of the companies and how it pays for them to be honest. What if, say a State actor sponsored a company like this to be stood up, covertly, for the purposes of seeing who used the service in the first place. Rich, important people. Then cherry picked the ones to hack, for the purposes of taking control of a device or service for intelligence, not extracting money?
Is the automatic login from google chrome or samsung phones also some sort of password manager or do they use different (less secure?!) methods and are not advisable?
@Computerphile Based on your professional opinion, which password manager is best? Free or paid doesn't matter.
So does leaving your vault open keep your password exposed?
reallygoodpasswordwithout1or2or3or4inorderinit
What if
iloveyoukate is mike pound's password